Security and Privacy Professional
Company: DevSelect
Location: Seattle
Posted on: November 25, 2022
|
|
|
Job Description:
Title: Security and Privacy Professional
Reports to: CIO
Salary: DoE
POSITION SUMMARYThis position resides within the Digital Services
group of CLIENT. The Security and Privacy Professional, in close
partnership with the CIO and CISO, oversees and coordinates
day-to-day activity related to information security and privacy
oriented initiatives, policies, standards and procedures throughout
the organization. The Security and Privacy Professional is
responsible for planning, influencing, and coordinating the
company's information security policies, setting procedures and
guidelines to ensure that all information systems are functional,
secure and safeguarded throughout the company and are in compliance
with privacy and information security laws and regulations
applicable to retail institutions. Additionally, the Security and
Privacy Professional is responsible for providing leadership during
security events, as well as ensuring the technical and
administrative support for the development of Disaster Recovery and
Business Continuity programs for the company. The incumbent
interfaces with theInformation and Digital
Services Core IT Operations team on matters of security and privacy
operational controls. In addition, the incumbent acts as an
internal consultant and to the organization on issues involving
security and privacy.
-
-RESPONSIBILITIES
Assist in tactical follow-up on detected security issues and drive
the design and implementation of solutions to reduce security
risks
Drive the research, development, and communication around Security
and Privacy matters, by maintaining and working with the
operational units on the enforcement ofIT security architecture,
policies, procedures, solutions and standards
Participate in and provide specific IT security oriented leadership
during incident response planning as well as the investigation of
security breaches, and assist with disciplinary and legal matters
associated with such breaches as necessary
Keep abreast and advise the company with regard to the latest
industry security and privacy best-practices and technologies
Coordinate with Business Owners to analyze, document and define
requirements associated with new development or maintenance and
enhancements to existing security roles and permissions.
Deliver services that meet regulatory specifications. Work with
internal and external auditors to document and confirm that all
security administrative duties are properly performed as well as
demonstrate overall compliance . - -QualificationsA minimum of 5
years operational and strategic experience in IT controls and
information security, IT compliance, networking security or IT
audit is required.
Artifact management experience including the development and
maintenance of Policies, Standards, and other supporting
documentation. Ability to document and maintain the details of IT
remediation projects, committee meetings, and the findings of
security testing and assessment projects.
Operational experience with IT compliance requirements and
processes, especially PCI DSS and adjacent PCI industry controls,
mitigations, and incident responses.
Operational experience in the inventory and classification of IT
assets, and the update and maintenance thereof
Access control and identity management experience, including the
principles and management of access to network infrastructure,
server platforms, Active Directory domains, and databases. Ability
to provide subject matter expertise in the areas of configuration
management and maintenance of access control and assessment of
access for these systems. Knowledge of RADIUS, LDAP, and Cloud SSO
solutions is a plus
Skilled in the principles and management of key management and
encryption systems, for information in transit and at rest.
Extensive knowledge of both symmetric and asymmetric cryptographic
systems
Demonstrate extensive experience with vulnerability management
-
-Education4-year college degree or demonstrated equivalent
experience with appropriate time-in-role, with subject matter
majors in Computer Science, Information Management, Information
Security or equivalent disciplines
A SANS, CISSP or other equivalent industry-recognized Security
certification is required.
Additional certifications in IT audit or IT controls design and
management are preferred
CObIT and/orITIL certifications, education, or equivalent
experience with control and operational frameworks a strong
plus
-
-Technical SkillsInformation security assessment and auditing
procedures, from both technical and business perspectives, and the
use of formal methodologies such as NSAIAM
E-commerce application security Computer investigation and
forensics methods and technologies Secure messaging
architectures
Strong Knowledge of regulatory bodies, and the regulations and
guidance issued by these bodies
Strong knowledge of control and privacy laws and standards, such as
GLBA, 581386, SOX and PCI
Must possess strong project management and leadership aptitude;
demonstrated professionalism in managing multiple projects and
resources effectively.
-
-General Knowledge and AbilitiesExperience with PKI certificate
management and root certificate repositories Working experience
with penetration testing
-
-Physical RequirementsOffice based professional, no physical
requirements
-
Keywords: DevSelect, Seattle , Security and Privacy Professional, Other , Seattle, Washington
|
Click
here to apply!
|
